please i need help in this Acme Bank has decided that it\'s time to renew their
ID: 3904171 • Letter: P
Question
please i need help in this
Acme Bank has decided that it's time to renew their practices. In the past they have stored and maintained all their data in-house but they are going to open a request for proposals for outside firms to do the job for them. The data management tasks include both their (internal) administrative assets, i.e. HR, as well as their (outfacing) customers' databases, i.e. accounts and transactions. You are the contractor that will put together that proposal. Basing it off of the CIA triangle, identify three possible threats including a profile of the attacker and an attack tree for each. Propose at least three possible solutions to the attacks, threats or vulnerabilities identified. Include references to cryptography - private and public key, hashing, firewalls, vpns, physical security, and policy either to assert the need to include or exclude that element.
10 - CIA discussion (this can be interspersed or separated but it must address the specific needs and solutions provided for your client)
10 points each threat with description and rationale - 30
10 points each solution with description and rationale - 30
10 points each attack tree and attacker profile - 30
Explanation / Answer
The Types of Threats and Solutions for each of the Threats have been listed below:-
Threat #1 DOS Error & DDOS Error - DOS, short form of Denial of Service and DDOS short form of Distributed Denial of Service are superior amongst all the threats as they are very difficult to get rid from. In addition they easily get launched and are cumbersome to track.
Security Solutions
Threat #2 Unauthorized Access - This is the most harmful threat as it leads to the loss of significant information and also to further attacks which could be worse than this. An attacker unknowingly gains access to your authorized section and steals sensitive resources. Suppose a host also playing the role of a web server has to provide web pages as per the request. But the host should not allow anybody to access the command shell without being sure about the identity of the user.
Security Solutions
Threat #3 Eavesdropping - Another greatest security threat in network. During eavesdropping, an intruder intercepts the packages of data transferred over HTTP (through monitoring software), modifies the data and misuses them in order to harm the network. It is really a dangerous threat as there are many tools named as Sniffers available and developed frequently to intercept the data packages.
Security Solutions
Threat #4 IP Spoofing - IP spoofing means presuming the IP of a network, creating an illusion of being a valid IP by creating Internet Protocol packets with disguised intentions of harming the actual owner of the IP address.
By forging the headers in order to insert fallacious information in the e-mail headers to mislead the receiver from the original destination is also a type spoofing which is known as Spamming.
Security Solutions
Threat #5 Man-in-the-middle-attack - MITM is one of the most dreadful network threats. An intruder here establishes an independent connection with both sender and receiver, intercepts their messages one by one, modifies those messages and relays back to the sender and receiver. This all occurs so smoothly that both the sender and receiver never come to know that they are being overheard by someone. In addition it exposes your network to several other threats.
Security Solutions
Please let me know in case of any clarifications required. Thanks!
Related Questions
Navigate
Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.